Online banking customers need cyber support
1 August 2007
With 8.2 million Australians now banking online (1.2 million started last year alone), it's little wonder that online fraud has become a major concern.
Phishing is one of the most common forms of online fraud. It uses bogus emails to redirect customers to fake sites before capturing their user IDs and passwords. This form of identity theft can have long term impacts on victims and it's important to be aware it exists. The golden rule is to never respond to an email asking you to confirm or reveal your personal banking details.
Then there's Malware. This includes 'sleepers' (like Trojan Horses) that are designed to mine sensitive and personal information, as well as harmful intruders like worms and viruses that continually find new ways to attack firewalls.
Who's responsible: the customer or the financial institution?
A recent survey by the Consumers Telecommunication Network found that online banking customers are simply not prepared for cyber attacks. And despite security software, many still experience cyber attacks regularly.
This raises the question of who's responsible; consumers or banks? The answer is both. Whilst all the major banks have security systems and conditional guarantees in the event of third party fraud, there is an onus on consumers to be vigilant about protecting personal details and ensuring they have appropriate and up to date security software installed on their computers.
Yet, despite consistent warnings from the banks, it's difficult to educate everyone.
Multi-factor authentication is the way forward
Let's face it, a user name and password for online accounts is a pretty simple system to exploit, which is why many experts believe multi-factor authentication devices such as the patented Vasco Digipass are the way forward.
The Digipass adds another layer of security in the form of a unique digital code. Entered at the same time as the PIN, the digital code, which is different every time it is entered, exists for only 30 seconds - not allowing time for online criminals to follow up. Currently, RaboPlus is the only online banking service in Australia to offer a device such as the Digipass to all its retail customers, providing the safest method of online banking in the market today.
Ross Anderson, Professor of Security Engineering at Cambridge University, recently stated at an e-Crime congress in London that banks without two-factor authentication may be more vulnerable to phishing and Trojan attacks. This view is supported by Ross Wilson, Trend Micro manager for Asia Pacific, who says that with the introduction of two-factor authentication in the US and the EU, criminal gangs are turning to Asia as the region lags behind Europe for security.
So it may be only a matter of time before all Australian banks are forced to follow the lead of RaboPlus and upgrade their security for all their retail customers.
